In the first and second parts of this series, we reviewed security issues at the vSphere ESXi and vCenter Server level. In this part I want to introduce security issues related to virtual machines. As you know, a large share of the holes that malware uses to gain access to the network comes from users failing to configure software and services correctly. In recent years, as deploying virtual machines and migrating them to other sites has become more complex, security issues have become more prominent than before.
But how can you ensure the security of virtual machines on the internal network and at other sites? The main steps that will help you secure virtual machines are:
Make sure that the virtual machine's operating system is up to date, and do not enable unnecessary services.
Remove unnecessary devices from the virtual machine to prevent intrusion through their ports.
Use NSX for virus detection and security at the different layers of the network, regardless of where the machine is located and installed.
Use NSX routing so that traffic is routed inside the virtual network and is not transferred to the physical network.
Connect the LUN that holds sensitive data to the machine that should access it. Doing so increases the speed of data exchange and cuts off access from other machines.
Avoid an uncontrolled Internet connection, or a direct Internet connection with a valid IP address, on the virtual machine's network card.
Enable Secure Boot on the virtual machine and virtual machine encryption to prevent data from being exposed or sent to other sites unencrypted. With vSphere 6.5, this is possible.
Avoid exposing the identity of the hardware infrastructure inside the virtual machine.
Keep the virtual machine hardware version and VMware Tools up to date, in consultation with the machine's service provider.
Use templates to standardize security services and policies. A good template will not only save you time, it will also prevent inaccuracies when setting up a virtual machine.
Be careful when allocating resources to a virtual machine, so that it does not consume the resources of other machines. For example, if you run an Exchange or database service in a cluster, it is best to specify the amount of memory these services need, since otherwise the service or virtual machine will take the additional memory it needs from other machines.
Control the number of concurrent connections to the virtual machine. This prevents unauthorized changes by multiple users at the same time.
By defining affinity and anti-affinity settings, ensure that virtual machines are distributed across different hosts so that all critical services do not go down at the same time.
For other VMware vSphere security issues, I recommend visiting the VMware website and consulting the VMware Security Guide 6.5.
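Several of the steps above (unnecessary devices, concurrent connections, hiding host details, Secure Boot) show up as settings in a virtual machine's .vmx file, so they can be checked automatically. The following is an added example, not code from the original article or from VMware: the key names come from VMware's hardening guidance, while the expected values, the rule that a missing key is a finding, and the sample configuration are assumptions of the example.

```python
import re

# Checklist items that map to .vmx keys. Key names come from VMware's vSphere
# hardening guidance; the expected values are this example's assumed policy.
REQUIRED = {
    "RemoteDisplay.maxConnections": "1",       # limit concurrent console sessions
    "tools.guestlib.enableHostInfo": "FALSE",  # hide host details from the guest
    "uefi.secureBoot.enabled": "TRUE",         # Secure Boot
}
UNNEEDED = re.compile(r"(floppy|serial|parallel)\d+\.present")  # removable devices
LINE_RE = re.compile(r'^\s*([^#\s=]+)\s*=\s*"(.*)"\s*$')        # key = "value"

def parse_vmx(text):
    """Return {lower-cased key: value} for every key = "value" line."""
    settings = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings

def audit_vmx(text):
    """Return sorted findings; a missing required key counts as a finding."""
    cfg = parse_vmx(text)
    findings = []
    for key, want in REQUIRED.items():
        got = cfg.get(key.lower())
        if got is None:
            findings.append(f"{key}: not set, expected {want}")
        elif got.upper() != want:
            findings.append(f"{key}: {got}, expected {want}")
    for key, value in cfg.items():
        if UNNEEDED.fullmatch(key) and value.upper() == "TRUE":
            findings.append(f"{key}: unnecessary device present")
    return sorted(findings)

# Constructed sample configuration, not taken from a real VM.
SAMPLE_VMX = """\
displayName = "db01"
firmware = "efi"
floppy0.present = "TRUE"
serial0.present = "FALSE"
RemoteDisplay.maxConnections = "4"
uefi.secureBoot.enabled = "TRUE"
"""

if __name__ == "__main__":
    for finding in audit_vmx(SAMPLE_VMX):
        print(finding)
```

Running the same check over every VM built from a template is a quick way to confirm that the template's settings have not drifted.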